writeups.xyz / Taking down the SSO, Account Takeover in the Websites of Kolesa due to Insecure JSONP Call

Submitter : c2a

Date: 28 September 2020

Bounty : undisclosed

Vulnerabilities :

Account Takeover

Programs :

Undisclosed

Authors :

Yashar Shahinzadeh (@YShahinzadeh)

Link :
https://medium.com/bugbountywriteup/taking-down-the-sso-account-takeover-in-3-websites-of-kolesa-due-to-insecure-jsonp-call-facd79732e45